The problem of online fraud is one that has challenged businesses engaging in electronic commerce (“E-commerce”) since the Internet was initially used as a means to buy and sell good and services. One aspect of the problem is that as the persons committing the fraud (fraudsters) tend to become more sophisticated with every new technological innovation designed to stop or deter them. More to the point, with every new anti-fraud innovation, the fraudsters respond with an even more sophisticated form of fraud. In short, a race exists whereby the fraudsters create a new type of fraudulent scheme, and the E-commerce business must develop a way to detect this fraud.
Many times the level of fraud committed by a fraudster is a function of the time that they have to commit the fraud. That is, the more time the fraudster has to commit the fraud, the greater fraud. This time aspect is, in turn, contingent upon the ability of the E-commerce business to discover the fraud such that the longer it takes the E-commerce business to discover the fraud, the longer the fraudster has to commit the fraud and, hence the greater the fraud.
Fraudulent schemes involving E-commerce can be as elementary as using stolen credit card numbers to purchase goods and services on line, to more sophisticated schemes whereby false email addresses, buyer or seller information is used to transact business. One of the most common types of fraud involves Internet auction sites. According to the Federal Trade Commission and Internet Fraud Watch, fraudulent schemes appearing on online auction sites are the most frequently reported form of Internet fraud. These schemes, and similar schemes for online retail goods, typically purport to offer high-value items—ranging from Cartier™ watches to computers to collectibles such as Beanie Babies™—that are likely to attract many consumers. These schemes induce their victims to send money for the promised items, but then deliver nothing or only an item far less valuable than what was promised (e.g., counterfeit or altered goods). While government policing agencies have stepped up efforts to thwart this fraud, fraudulent schemes still exist.
In response to these various fraudulent schemes, E-commerce sites have developed a number of types of tools to deal with these schemes. One type of tool developed by E-commerce sites is the use of various statistical models that use logistical regression, or some other type of statistical regression model, to look for and determine the long terms buying and selling trends of users, and using these trends, analyzing groups of online sales for fraud. For example, if transactions originating from a particular geographic location for a particular type of good or service are determined to commonly involve fraud (e.g., Cartier™ watches being sold by sellers located in Antarctica), then statistical modeling will typically be able to capture such an instance of fraud. Another tool used by various E-commerce sites is rule based modeling. In rules based modeling, specific rules are generated to combat and address specific fraudulent schemes. For example, if a particular seller from a particular geographical region (e.g., John Smith from California) is known to be a fraudster, then a rule can be set up to prevent this person from transacting business on a particular E-commerce site.
Both statistical models and rules based modeling have limitations in their abilities to detect fraud. For example, statistical models are very slow to detect fraud and suffer greatly from being unable to meet the ever increasing sophistication of fraudsters. Moreover, such models fail to segment well. That is, they rarely are able to provide specific information regarding specific instances of fraud; rather they typically provide a broad overview regarding losses from fraud generally. Using the above example, while statistical models may be able to tell you the amount of loss due to fraud in monetary terms, they typically would not be able to tell you the exact time, and date of a particular loss, not unless a further statistical model was generated to analyze time and date data.
A limitation for rule based modeling comes in the form of the reductionism that is inherent in rules based modeling. That is, the rules in rules based modeling are either applied or not applied to set of facts, and nuances within this set of facts is typically ignored. Again, using the above example, if a rule is created to flag every transaction by a person named “John Smith” who resides in California, then while the Fraudster named John Smith who resides in California might be stopped, so would all legitimate transactions by persons named John Smith who live in California. Other problems arising from rules based modeling come in the form of the fact that each rule must typically be manually entered into a system (e.g., someone must actually write and implement a rule that prohibits “John Smith from California” from engaging in transactions). This manual entering of rules has various computational costs associated with it. More to the point, many times, during the course of applying these manually entered rules, each rule must be applied to each set of facts such that as the number of rules grow, so does the computing times necessary to apply these rules. In some cases, this can result in instances where the computational complexity associated with applying these rules is on the order of O(n).
Not only can the computational costs associated with rules based modeling be costly, but the actual financial costs can also be costly. Many E-commerce sites have an elaborate, labor intensive, security apparatus for protecting against fraud. For example, when a fraudulent scheme is discovered, transactions associated with this scheme are, in many cases, flagged by the particular E-commerce site (e.g., eBay™) on which the transaction is taking place. Flagging a transaction means that the transaction will be examined more closely and, in some cases, stopped by the E-commerce site. In some instances, not only is the transaction flagged, but the account used in facilitating the fraud is also flagged. Many E-commerce sites have an entire fraud escalation apparatus, whereby potential fraud is identified and then the facts regarding the potential fraud are escalated to additional persons for further review and a determination regarding the existence of fraud. This process of identifying fraud and escalating fraud may involve two of more tiers of review, with a first tier of review by, for example, Floor Agents (or Regular Agents) reviewing data posted on the E-commerce by sellers of goods or services. Then, there is a second tier of review by Risk Agents (or Senior Agents and Risk Analysts) who review the flagged transactions and determine where the transaction is fraudulent. In those cases where the transaction is deemed fraudulent, yet no rule exists for this particular type of fraudulent scheme, then a new rule is generated by those at the second tier of review. In some cases, there is even a third tier of review by those Management and Tracking Agents charged with reviewing the activities of the Risk Agents.
In some cases, the phenomena of information loss occurs between the various tiers of review. For example, in some cases certain factors that go into the detection of fraud by those at the Regular Agent level cannot be easily or accurately conveyed to those at the higher tiers such as the Risk Agents and their managers. These factors can, among other things, include intuition.